Nagios Check for Fortigate Clusters
by Michele Baldessari
It’s the month of nagios checks I guess.. I needed to monitor the status of the HA Fortigate clusters we have around the world. There is a very rudimentary plugin on the nagios exchange site, but it is a perl script that forks another perl script a bunch of times and I already have 600 hosts and more than a thousand services, so I thought I’d implement something a bit cleaner in python
The only documentation on the Fortigate HA Mibs I was able to find is here: http://www.oidview.com/mibs/12356/FORTINET-MIB-280.html
Interestingly enough the OID that contains the names of the nodes in the cluster (SNMPv2-SMI::enterprises.123126.96.36.199.1.11.) is nowhere mentioned there. The standard Fortigate cluster is a fairly strange beast in the sense that there is only one ip address (no physical ip’s plus the virtual one like in most clusters) and the firewalls exchange all the configuration and info through multicast on a separate link. That’s why the first time the script runs it stores the names and the serial numbers of the nodes in a file and then checks that the order is the same in its subsequent runs.
Here is the script: fortinet-ha.py
I didn’t add any snmp v1 or snmp v3 support as I have no time at the moment, but that should be quite trivial to add.